Bug 433429 - genhomedircon creates duplicate entries
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils
Version: 5.1
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: rc
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2008-02-19 08:55 UTC by Christian Jung
Modified: 2009-01-20 22:00 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-20 22:00:31 UTC
Target Upstream Version:
Embargoed:




Links
System: Red Hat Product Errata
ID: RHBA-2009:0206
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: policycoreutils bug fix update
Last Updated: 2009-01-20 16:06:12 UTC

Description Christian Jung 2008-02-19 08:55:35 UTC
Description of problem:
genhomedircon creates entries in
/etc/selinux/targeted/contexts/files/file_contexts.homedirs to set up SELinux
labels for /home, /root, ...

If one user has $HOME set to /usr/local/$USER, genhomedircon also adds entries for
/usr/local. This is conflicting with existing entries in file_contexts.

Users see warning messages about duplicate entries:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same specifications for /usr/local/lost\+found.

Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5

How reproducible:
always

Steps to Reproduce:
1. create a new user with $HOME in /usr/local:
useradd -d /usr/local/test test
2. execute genhomedircon to update file_contexts.homedirs
genhomedircon
3. login to localhost with ssh:
ssh localhost
(this is only an example, other commands also throw warning messages)

Actual results:
warning messages (see above)

Expected results:
no warning message

Additional info:
genhomedircon should not create entries for directories which are already
included in file_contexts.

Comment 1 Daniel Walsh 2008-02-19 15:32:49 UTC
Too late to put this into U2. Should be fixed in U3. For now, don't do that.
Homedirs should not be in /usr/local.  If you have a service with a homedir in
/usr/local, it should have a shell of /sbin/nologin or /bin/false.  And/or have
a UID < 500.
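
Added example (not part of the original report and not code from policycoreutils): a pre-check that lists the accounts matching the criteria in Comment 1 (UID of 500 or more, shell other than /sbin/nologin or /bin/false) whose home directory sits outside /home, and counts the file_contexts specs already present under the same parent directory. The function names, the sample data, the treatment of /home as the only expected parent, and the literal prefix match on the spec column are assumptions of this example.

```shell
#!/bin/sh
# Added example. All sample data below is constructed, not from a real host.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
test:x:501:501::/usr/local/test:/bin/bash
svc:x:502:502::/usr/local/svc:/sbin/nologin
appuser:x:450:450::/opt/app:/bin/bash
EOF
}
sample_file_contexts() {
cat <<'EOF'
# constructed excerpt in file_contexts layout
/usr/local/lost\+found/.* <<none>>
/usr/local/\.journal <<none>>
/usr/local/lost\+found -d system_u:object_r:lost_found_t:s0
/home/lost\+found -d system_u:object_r:lost_found_t:s0
EOF
}

# audit_homedirs PASSWD FILE_CONTEXTS
# Prints "user home parent hits" for every login account whose home parent is
# not /home; hits = number of file_contexts specs that start with "parent/".
audit_homedirs() {
    awk -F: -v fc="$2" '
    BEGIN {
        # Load the path-spec column, skipping comments and blank lines.
        while ((getline line < fc) > 0) {
            if (line ~ /^[ \t]*(#|$)/) continue
            split(line, f, /[ \t]+/)
            specs[++n] = f[1]
        }
    }
    # Account filter taken from Comment 1: UID >= 500 and a login shell.
    $3 >= 500 && $7 != "/sbin/nologin" && $7 != "/bin/false" {
        parent = $6
        sub("/+$", "", parent)        # tolerate a trailing slash
        sub("/[^/]*$", "", parent)    # strip the last path component
        if (parent == "" || parent == "/home") next
        hits = 0
        for (i = 1; i <= n; i++)
            if (index(specs[i], parent "/") == 1) hits++
        print $1, $6, parent, hits
    }' "$1"
}

tmp=$(mktemp -d)
sample_passwd > "$tmp/passwd"
sample_file_contexts > "$tmp/file_contexts"
audit_homedirs "$tmp/passwd" "$tmp/file_contexts"
rm -rf "$tmp"
```

On an affected system the two arguments would be /etc/passwd and /etc/selinux/targeted/contexts/files/file_contexts; a non-zero last column marks a parent directory where generated homedir entries can collide with existing specs.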



Comment 2 RHEL Program Management 2008-06-04 22:46:31 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 3 Daniel Walsh 2008-09-17 20:01:34 UTC
Fixed in policycoreutils-1.33.12-14.1.el5

Comment 8 Daniel Walsh 2008-11-04 20:32:16 UTC
Fixed in policycoreutils-1.33.12-14.2.el5

Comment 13 errata-xmlrpc 2009-01-20 22:00:31 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0206.html

